Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

template-condition update to support selecting key/values under classification #3575

Closed
ehsandeep opened this issue Apr 20, 2023 · 3 comments · Fixed by #3606
Closed

template-condition update to support selecting key/values under classification #3575

ehsandeep opened this issue Apr 20, 2023 · 3 comments · Fixed by #3606
Labels
hacktoberfest-accepted Status: Completed Nothing further to be done with this issue. Awaiting to be closed. Type: Enhancement Most issues will probably ask for additions or changes.
Milestone
nuclei v2.9.3 (bu...

Comments

@ehsandeep
Copy link
Member

ehsandeep commented Apr 20, 2023
edited
Loading

Please describe your feature request:

id: CVE-2023-28432
info:
  name: Minio Cluster Deployment - Information Disclosure
  author: Mr-xn
  severity: high
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2023-28432
    cwe-id: CWE-200
    cpe: cpe:2.3:a:minio:minio:*:*:*:*:*:*:*:*
    epss-score: 0.01489
  metadata:
    fofa-query: app="Minio"
    shodan-query: title:"Minio Console"
    verified: true
    max-request: 10
  tags: cve,cve2023,minio,console,exposure

Currently, this is possible for the metadata section but not for classification.

Current working example with metadata section.

nuclei -tc 'verified == "true"'

Describe the use case of this feature:

  • Load all the templates where cpe == "XXX"
  • Load all the templates where cpe contains "XXX"
  • Load all the templates where cvss-score == 7.5
  • Load all the templates where cvss-score => 5.0
  • Load all the templates where cvss-metrics == "XXX"
  • Load all the templates where cvss-metrics contains "PR:N"
  • Load all the templates where max_request <= 10

Examples:

nuclei -tc 'cpe == "cpe:2.3:a:minio:minio:*:*:*:*:*:*:*:*"'
nuclei -tc 'contains(cpe, "cpe:2.3:a:minio:minio:*:*:*:*:*:*:*:*")'
nuclei -tc 'cvss_score == 7.5'
nuclei -tc 'cvss_score => 5.0'
nuclei -tc 'cvss_metrics == "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N")'
nuclei -tc 'contains_any(cvss_metrics, "AC:L", "AV:N")'
nuclei -tc 'max_request <= 10'
@ehsandeep ehsandeep added the Type: Enhancement Most issues will probably ask for additions or changes. label Apr 20, 2023
@ehsandeep
Copy link
Member Author

Related - #2326

@tarunKoyalwar
Copy link
Member

https://github.com/iamargus95 seems to be working on this (cc: @ShubhamRasal )

@iamargus95
Copy link
Contributor

Found a bug in the implementation of the -tc flag when using hyphenated Metadata fields.
I've created an issue describing the bug : HERE.
CC: @ShubhamRasal @tarunKoyalwar

@ShubhamRasal ShubhamRasal linked a pull request Apr 25, 2023 that will close this issue
Update -tc flag to filter fields within the classification section #3606
Merged
4 tasks
@ehsandeep ehsandeep added this to the nuclei v2.9.3 (bugfix) milestone Apr 26, 2023
@ehsandeep ehsandeep added the Status: Completed Nothing further to be done with this issue. Awaiting to be closed. label Apr 26, 2023
This was referenced Apr 28, 2023
Merged
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
hacktoberfest-accepted Status: Completed Nothing further to be done with this issue. Awaiting to be closed. Type: Enhancement Most issues will probably ask for additions or changes.
Projects
None yet
Milestone
nuclei v2.9.3 (bugfix)
Development

Successfully merging a pull request may close this issue.

Update -tc flag to filter fields within the classification section
3 participants
@ehsandeep @tarunKoyalwar @iamargus95